<?php
$access_level = 0;
$page_title = 'eTAT: Administrator Console';
require_once 'controller.php';

if(isset($_POST['admin_create_submit'])) {
        $password = makePassword($_POST['admin_password']);
        $query = mysql_query("INSERT INTO `instructor` VALUES (NULL,'{$_POST['admin_full_name']}','{$_POST['admin_email']}','$password','3')") or die(mysql_error());
        redirect('admin.php');
}

if(isset($_POST['admin_login_submit'])) {
        $password = makePassword($_POST['admin_password']);
        $query = mysql_query("SELECT * FROM `instructor` WHERE `email` = '{$_POST['admin_email']}' AND `password` = '$password' AND `permission` = '3'");
        $result = mysql_fetch_object($query);
        if($result) {
                $_SESSION['admin_logged_in'] = $result;
                redirect('admin.php');
        } else {
                redirect('admin.php?m=2');
        }
}

if(isset($_POST['admin_logout_submit'])) {
	session_unset();
	session_destroy();
	redirect('admin.php');
}

if(isset($_POST['new_user_submit'])) {
        $checkSQL = mysql_query("SELECT * FROM `instructor` WHERE `email` = '{$_POST['new_email']}' ");
	if(!mysql_fetch_row($checkSQL)) {

		$sql = mysql_query("INSERT INTO `instructor` VALUES
			(NULL, NULL,'{$_POST['new_email']}',NULL,'1');") or die(mysql_error());
		//@TODO: send email to user
		redirect('admin.php');
	}else{

			$_SESSION['m'] = 8;
			redirect("admin.php");
	}
}
require_once 'header.php';
$check = mysql_query("SELECT * FROM `instructor` WHERE `permission` = '3'");
if(!mysql_fetch_row($check)) { ?>
<h1>Administrator Console</h1>
<p>Looks like this is your first time at using eTAT.</p>
<p>Start by creating an Administrator Account that can manage the rest of the user accounts:</p><br>
                <?php
                $form = new Form('new_admin_form','post');
                $form->textInput('admin_full_name','Admin Full Name');
                $form->textInput('admin_email','Admin Email Address');
                $form->textInput('admin_password','Admin Password',array('type'=>'password'));
                $form->button('admin_create_submit','Create',array('type'=>'submit'));
                print $form->build();
                ?>
<?php
} else {
?>
<?php if($_SESSION['admin_logged_in'] == false) { ?>
<h1>Administrator Console</h1>
<form name='admin-login' method='post'>
        <?php
                $form = new Form('admin_login_form','post');
                $form->textInput('admin_email','Email Address');
                $form->textInput('admin_password','Password',array('type'=>'password'));
                $form->button('admin_login_submit','Login',array('type'=>'submit'));
                print $form->build();
        ?>
</form>
<?php
} else {
        $query = mysql_query("SELECT * FROM `instructor`");
        while($r = mysql_fetch_object($query))
                $users[] = $r;
?>
<h1>Administrator Console</h1>
        <?php
                $form = new Form('admin_logout_form','post');
                $form->text('Welcome, '.$_SESSION['admin_logged_in']->full_name.' ');
                $form->button('admin_logout_submit','Logout',array('type'=>'submit'),false);
                print $form->build();
        ?>
<br />

<p><b>User List:</b></p><br />
<ul>
        <?php
                $form = new Form('new_user','post',true,array('class'=>'invisible'));
                $form->textInput('new_email','Email Address');
                $form->button('new_user_submit','Submit',array('type'=>'submit'),false);
                if(count($users) > 1) {
                        foreach($users as $u) {
                                if($u->permission == '1' && $u->permission != '3') {
                                        $key = base64_encode($u->email);
                                        print "<li>$u->email (Invitation sent) <a href='register.php?k=$key'>[link]</a></li>";
                                } else if($u->permission == '2' && $u->permission != '3')
                                        print "<li>$u->full_name ($u->email)</li>";
                        }
                        print '<br>';
                        print newBtn('add_new_user','Add a New User',array('type'=>'button','onclick'=>'javascript:this.className="invisible";$("new-user").className="visible";$("new-email").focus();'),false);
                        $form->button('new_user_cancel','Cancel',array('type'=>'button','onclick'=>'javascript:$("add-new-user").className="visible";$("new-user").className="invisible"'),false);
                        print $form->build();
                } else {
                        print "<p>There are currently no users in the eTAT Application. Start by adding one below:<br><br>";
                        $form->setClass('visible');
                        print $form->build();

                }
        ?>
</ul>

<?php } } ?>
<div class='clear'></div>
<?php require_once 'footer.php'; ?>
